Pages

Friday, January 2, 2015

FTC finalizes charges against Snapchat over user privacy

The FTC has approved final charges against Snapchat after the company's lax security policies were exposed, placing user data at risk.

In an advisory posted 31 Dec, the Federal Trade Commission (FTC) revealed final charges set against the messaging app company. The Snapchat app billed itself as a way of sending messages -- 'snaps' -- which would self-destruct within a set timeframe after being viewed by the recipient.

However, we discovered last year that this isn't exactly the case -- as a third-party app could be used to view the Snapchat directory and recover messages which were meant to have vanished.

Naturally, users were not best pleased at the idea their personal messages, which were not meant to exist, could be extracted and stored. It seems the FTC wasn't happy either, as it could be argued that users were misled over the protection of their data when using the Snapchat app.

The FTC says that Snapchat "deceived consumers with promises about the disappearing nature of messages sent through the service," and "Snapchat also deceived consumers over the amount of personal data it collected and the security measures taken to protect that data from misuse and unauthorized disclosure."

In other words, Snapchat wasn't clear when it comes to your entire contact list being accessed and lifted from your mobile device.

Following a public comment period and a unanimous vote hosted by the Commission, the US consumer watchdog and Snapchat have finally settled the matter. Snapchat has agreed to revise its privacy policy and submit to monitoring by an independent privacy service for the next 20 years.

The company is also banned from "misrepresenting" itself in how user security, privacy and confidentiality is maintained.

In November, Snapchat also issued an outright ban on third-party apps linking to the Snapchat platform, and promised to start freezing the accounts of users who refused to comply with the new rules. Snapchat was forced to take action following a mass hack dubbed the "Snappening" which saw a database containing over 100,000 images and videos sent across Snapchat leaked online for the titillation of the masses.

Snapchat was also made to apologize after 4.6 million Snapchat usernames and matched phone numbers were leaked at the start of 2014.

There are no fines on the horizon, but this case should remind companies that user privacy in a post-Snowden era is a top concern and security should not be ignored.